Replace guava with caffeine.

[rimasu]

Caffeine is a focussed library that just provides caching. It has similar behaviour to guava's caching library.

This commit replaces guava's cache with caffeine and remove other minor uses of guava APIs.

Changes

Please describe both what is changing and why this is important. Include:

• Endpoints added, deleted, deprecated, or changed N/A

• Classes and methods added, deleted, deprecated, or changed

Replaced Guava cache with Caffeine based cached. This is a smaller and more focused library with fewer CVEs and good adoption.

Removed some trivial usages of guava in test code.

• Screenshots of new or changed UI, if applicable N/A

• A summary of usage if this is a new feature or change to a public API (this should also be added to relevant documentation once released) N/A

• Any alternative designs or approaches considered N/A

References

Please include relevant links supporting this change such as a:

• support ticket
• community post
• StackOverflow post
• support forum thread

Testing

Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

I have replaced the existing test with functionally equivalent tests.

• [x] This change adds test coverage
• [ ] This change has been tested on the latest version of Java or why not

This has been tested on Java 11 as this is compatible with project's java version (1.8).

Checklist

• [X ] I have read the Auth0 general contribution guidelines
• [X] I have read the Auth0 Code of Conduct
• [X] All existing and new tests complete without errors

[rimasu]

API comparison is failing because GuavaCachedJwkProvider (that was removed) was public. The usage in this module makes it look like it was designed as an internal implementation, rather than a component to be used else where.

[jimmyjames]

Thanks for the PR @rimasu! We do want to look into Guava alternatives, including Caffeine. As you noted, unfortunately when the library was written it was tightly coupled to Guava, so I think changing it would be a breaking change. As this library is on 0.x, by semantic versioning a breaking change can be introduced, but we'll need to look through the various options and do some comparison before deciding.